Hi,
I am using System.DirectoryServices.AccountManagement in .Net 3.5 to connect to Active Directory. It works fine but when I try get group information for user then it throws following exception.
System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).
at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags)
at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsForestName()
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOf(Principal foreignPrincipal, StoreCtx foreignContext)
at System.DirectoryServices.AccountManagement.Principal.GetGroupsHelper(PrincipalContext contextToQuery)
at System.DirectoryServices.AccountManagement.Principal.GetGroups(PrincipalContext contextToQuery)
It works fine when the application is run from the server which is part of the Active Directory, but when run from the stand alone client it throws this exception. Some of other operations are working without problem. The problem is also explained at http://directoryprogramming.net/forums/thread/6649.aspxas well, but the solution did not work for me.
Following is the code, user.GetGroups(context) fails.
using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName))
{
if (user != null)
{
var groups = user.GetGroups(context);
var returnGroups = from grp in groups
orderby grp.SamAccountName
select grp.SamAccountName;
return returnGroups.ToArray();
}
}
Similarly, I get the same error when I find a group and then try to access grp.Members property.
Thanks,
Aatif
| | Aatif | All,
I found a way to resolve the issue, this might help somebody else.
Add the IP address domain controller (which you are trying to connect) to the DNS server list on the client machine, make sure it is the first in the list.
Repair the network connections (disable/enable it)
Try again, it works.
Revert back to your original settings won't affect, it seems it caches somewhere and works until you reboot your machine. Somebody else might have better idea about it.
Thanks,
Aatif - Marked As Answer byeryangMSFT, ModeratorTuesday, September 22, 2009 6:12 AM
-
| | Aatif | Error 1355 is documented as "The specified domain either does not exist or could not be contacted." You'll need to work with the domain administrator to find out what's wrong with that machine. Start with the obvious stuff, is the machine actually joined to the domain? Ask more questions about it in a TechNet forum.
Hans Passant. | | nobugz | Thanks Hans for your reply, as I mentioned the machine is not part of the domain, it works on the machine which are part of the domain.
For non-joined machines all other operations are working. e.g.
var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName)
works, but then
user.GetGroups oruser.GetAuthorizationGroups() fails.
Thanks,
Aatif
| | Aatif | Clearly, the machine has to be joined to the domain to make domain controller queries possible.
Hans Passant. | | nobugz | I don't think I can directly help, but I can verify that you can query Active Directory from machines that are not joined to the domain. I have done it in plain VBScript. What you need to verify is that DNS can resolve the domain name, and you must connect to AD using an AD username and password. If you have that, you can query AD. Like I said, I cannot help you out with managed code, but I can with regular VBScript.
MCP | | webJose | Thanks webJose for confirmation.
It works when usingusing System.DirectoryServices (.Net 2), obviously code is complex and harder to understand.
Thanks,
Aatif | | Aatif | All,
I found a way to resolve the issue, this might help somebody else.
Add the IP address domain controller (which you are trying to connect) to the DNS server list on the client machine, make sure it is the first in the list.
Repair the network connections (disable/enable it)
Try again, it works.
Revert back to your original settings won't affect, it seems it caches somewhere and works until you reboot your machine. Somebody else might have better idea about it.
Thanks,
Aatif - Marked As Answer byeryangMSFT, ModeratorTuesday, September 22, 2009 6:12 AM
-
| | Aatif | You should ask the network administrator to verify the DNS entries for the domain controllers in your network. It could be that they are incomplete. If the DNS server is compliant with Active Directory (sorry, I don't remember the exact standard right now), the domain controller itself can make sure of this using (I think) ipconfig.
MCP | | webJose | You should ask the network administrator to verify the DNS entries for the domain controllers in your network. It could be that they are incomplete. If the DNS server is compliant with Active Directory (sorry, I don't remember the exact standard right now), the domain controller itself can make sure of this using (I think) ipconfig.
MCP
Yes, I have suggested that to the network team, but don't know if they are going to do anything about it. Until then my workaround works for me during the development phase.
Thanks,
Aatif | | Aatif |
|
index > .NET Base Class Library > Information about the domain could not be retrieved (1355)